Overview
Client is seeking a Senior Product Security Engineer to assess and evaluate the security posture of embedded, IoT, and industrial automation products. This role will perform advanced penetration testing across hardware, firmware, wireless technologies, applications, and supporting infrastructure while providing remediation guidance to engineering teams.
Core Responsibilities
- Perform security testing across industrial automation products and technologies.
- Conduct hardware, firmware, Wi-Fi, Bluetooth, RF, application, network, and protocol penetration testing.
- Identify security defects using application, network, firmware, and hardware security testing toolsets.
- Analyze discovered vulnerabilities and provide actionable remediation recommendations.
- Support threat modeling and secure development lifecycle processes.
- Perform software composition analysis, static application security testing, dynamic application security testing, and binary analysis.
- Develop modular, repeatable, and effective security testing processes.
- Select, implement, develop, and automate security testing tools.
- Script advanced attacks and develop proof-of-concept exploits.
- Fuzz applications and protocols to identify previously unknown vulnerabilities.
- Identify and exploit advanced logic flaws and multi-step architectural weaknesses.
- Document findings using standardized security reporting processes.
- Partner with cross-functional teams to resolve identified security weaknesses.
- Mentor junior product security team members.
- Integrate penetration testing tools and processes into CI/CD pipelines.
Essential Qualifications, Skills, and Technologies
- Bachelor's degree in computer science, software engineering, electrical engineering, or equivalent experience.
- 8 years of demonstrated cybersecurity experience.
- 5 years of penetration testing experience.
- Hands-on hardware and firmware penetration testing experience.
- RF, Wi-Fi, and Bluetooth penetration testing experience.
- Experience with secure development lifecycle processes and threat modeling.
- Experience with software composition analysis, SAST, DAST, and binary analysis.
- Experience using penetration testing methodologies and security testing tools.
- Strong understanding of application protocols, software development, and common attack vectors.
- Understanding of security-by-design principles and architecture-level security concepts.
- Ability to script advanced attacks.
- Ability to fuzz applications and protocols and exploit newly discovered vulnerabilities.
- Familiarity with reverse engineering tools, debuggers, and dynamic analysis techniques.
- Experience integrating penetration testing tools into CI/CD pipelines.
Preferred Skills or Experience
- Industrial Control Systems penetration testing experience.
- Experience testing embedded and IoT products.
- Penetration testing experience across web applications, mobile applications, thick-client applications, APIs, web services, cloud platforms, and containers.
- Knowledge of current and emerging security threats and exploitation techniques.
- Relevant security certification such as CEH, OSCP, or OSWE.
Work Details
- Onsite in Duluth, Georgia.
- May frequently lift or move up to 25 pounds.
Nesco Resource offers a comprehensive benefits package for our associates, which includes a MEC (Minimum Essential Coverage) plan that encompasses Medical, Vision, Dental, 401K, and EAP (Employee Assistance Program) services.
Nesco Resource provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.




